Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

Ubuntu 24.10 USN-7287-1 Medium: libcap2 allowed unintended capabilities

ubuntu
Calendar Grey February 24, 2025
Dist Ubuntu Esm H88
Ubuntu Security Bulletin USN-7288-2 highlights a vulnerability in libcap2 that may grant excessive permissions. Immediate patching necessary.
libcap2 would allow unintended capabilities.

Summary

libcap2 would allow unintended capabilities.

Software Description:

- libcap2: POSIX 1003.1e capabilities (library)

Details:

Tianjia Zhang discovered the libcap2 PAM module pam_cap incorrectly

handled parsing group names in the configuration file. This could result in

certain users being granted capabilities, contrary to expectations.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libpam-cap                      1:2.66-5ubuntu3.1

Ubuntu 24.04 LTS
   libpam-cap                      1:2.66-5ubuntu2.2

Ubuntu 22.04 LTS
   libpam-cap                      1:2.44-1ubuntu0.22.04.2

Ubuntu 20.04 LTS
   libpam-cap                      1:2.32-1ubuntu0.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-7287-1

CVE-2025-1390

Severity
medium
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7287-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here